6 ways to keep your data safe in the cloud

Most of us have a lot of data in the cloud, housed in storage services such as Dropbox, e-mail applications such as Gmail or everyday web services such as Facebook. Most of us probably don’t keep it as safe as we should, either. Some attacks are beyond a user's control, such as the social-engineering attack on Apple's and Amazon's support desks that cost Wired staffer Mat Honan his accounts last week, but with a little extra effort there are still plenty of ways to make it much harder for an intruder to get at your information.

1. Be smart about passwords and security questions


Ideally, usernames and passwords should be unique for each service, so that a breach at one doesn’t hand an intruder carte blanche to the rest of your accounts (if the LinkedIn breach, which exposed millions of unsalted password hashes that were cracked within days, didn’t beat the practice into our collective head, nothing will). Passwords should also be long and random enough that nobody can guess them from a few facts about you. Length and randomness matter far more than sprinkling in a symbol or a capital letter: cracking tools try "Fluffy2012!" and every other obvious substitution first. Since nobody can remember dozens of such passwords, use a password manager to generate and store them.

When it comes to security questions, don’t choose answers that can be found online: a mother’s maiden name, first school or pet’s name is usually a public record or a social-media search away. Treat the answer as a second password and pick something unrelated to the question (your mother’s maiden name: Thomas & Friends, for example), and if you can’t remember it, store it in your password manager alongside the account’s other credentials.
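The following is an added example, not code from the original article: it generates an independent random password per service and a nonsense security-question answer using the operating system's CSPRNG, and computes how much guessing work each choice represents. The service names and the 16-word list are constructed for illustration; a real passphrase generator would draw from a much larger list, and the entropy figure for a 7776-word list is shown for comparison.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
)

// Added example, not code from the original article: generate a unique random
// password per service and a nonsense security-question answer using the OS
// CSPRNG, and estimate how much guessing work each choice represents.

// Printable ASCII without the space character: 94 symbols.
const symbols = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" +
	"!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"

// A tiny word list constructed for this example. A real passphrase generator
// would use a large list such as EFF's 7776-word diceware list.
var words = []string{"anchor", "basil", "copper", "dune", "ember", "fjord",
	"garnet", "harbor", "iris", "juniper", "kelp", "lantern", "meadow", "nectar",
	"orbit", "pebble"}

// pick returns a uniformly random index in [0, n). rand.Int uses rejection
// sampling, which avoids the modulo bias of "random byte % n".
func pick(n int) int {
	i, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err) // a failed CSPRNG read is not something to paper over
	}
	return int(i.Int64())
}

// RandomPassword returns length characters drawn uniformly from symbols.
func RandomPassword(length int) string {
	var b strings.Builder
	for i := 0; i < length; i++ {
		b.WriteByte(symbols[pick(len(symbols))])
	}
	return b.String()
}

// RandomPassphrase joins n words drawn uniformly from list, e.g. for a
// security-question answer that has nothing to do with the question asked.
func RandomPassphrase(n int, list []string) string {
	out := make([]string, n)
	for i := range out {
		out[i] = list[pick(len(list))]
	}
	return strings.Join(out, "-")
}

// EntropyBits is log2 of the number of equally likely outputs for length
// symbols each drawn from an alphabet of alphabetSize.
func EntropyBits(alphabetSize, length int) float64 {
	return float64(length) * math.Log2(float64(alphabetSize))
}

func main() {
	// One independent password per service, so a breach at one of them
	// tells the attacker nothing about the others.
	for _, service := range []string{"dropbox", "gmail", "facebook"} {
		fmt.Printf("%-8s %s\n", service, RandomPassword(16))
	}
	fmt.Printf("mother's maiden name: %s\n", RandomPassphrase(3, words))
	fmt.Printf("16 random symbols:             %5.1f bits\n", EntropyBits(len(symbols), 16))
	fmt.Printf("4 words from a 7776-word list: %5.1f bits\n", EntropyBits(7776, 4))
	// For comparison: a pet name from a list of a few thousand plus a
	// four-digit year, the kind of password a cracker tries first.
	fmt.Printf("pet name + year (5000 x 10000): %5.1f bits\n", math.Log2(5000*10000))
}
```

The entropy numbers are the point: a 16-symbol random password is about 105 bits and four random words about 52 bits, while "pet name plus year" is under 26 bits, which is why the name-and-year pattern falls in seconds no matter how many exclamation marks are appended.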

2. When possible, encrypt

Encryption software scrambles information so that it is unreadable to anyone without the key, which in practice means anyone without the password the key is derived from. As with anything that makes us more secure, it requires some effort on the user’s part. At the least that means safeguarding the password for features such as FileVault, which is built into OS X and encrypts the laptop’s own disk: lose the password and the data is gone when it’s needed. (FileVault protects the laptop, not anything you have synced to the cloud.) For true security in the cloud, client-side encryption is the best idea: files are encrypted on your own machine before they are uploaded, so the provider stores only ciphertext and a breach, a rogue employee or a subpoena on its side yields nothing readable. That means finding, possibly paying for and, most importantly, actually using third-party software, and it means choosing a password a cracker can’t guess, because with a modern cipher the password, not the encryption, is the weak point.
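An added example of what "client-side encryption" means in code; this is not code from the original article or from any product it names. It derives an AES-256 key from a password with PBKDF2-HMAC-SHA256 (written out here so only the Go standard library is needed), encrypts with AES-GCM so that tampering is detected, and stores the salt and nonce in front of the ciphertext. The blob layout and the sample note are assumptions made for this example, not a published format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Added example, not code from the original article or any named product:
// encrypt a file on your own machine before uploading it, so the provider only
// ever stores ciphertext. The blob layout is an assumption for this example:
//   salt (16) || nonce (12) || AES-256-GCM ciphertext || tag (16)
// The key comes from the password via PBKDF2-HMAC-SHA256 (RFC 8018).

const (
	saltLen    = 16
	nonceLen   = 12
	keyLen     = 32
	pbkdf2Iter = 600_000 // OWASP's current figure for PBKDF2-HMAC-SHA256
)

// pbkdf2SHA256 implements RFC 8018 PBKDF2 with HMAC-SHA256 as the PRF.
func pbkdf2SHA256(password, salt []byte, iter, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	out := make([]byte, 0, dkLen)
	var ctr [4]byte
	for block := uint32(1); len(out) < dkLen; block++ {
		binary.BigEndian.PutUint32(ctr[:], block)
		prf.Reset()
		prf.Write(salt)
		prf.Write(ctr[:])
		u := prf.Sum(nil)              // U_1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...) // T_i = U_1 xor U_2 xor ... xor U_c
		for j := 1; j < iter; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(u[:0]) // U_j = PRF(P, U_{j-1})
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// aeadFor derives the key for this salt and wraps it in AES-256-GCM.
func aeadFor(password string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(password), salt, pbkdf2Iter, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns salt || nonce || ciphertext || tag. The header is passed as
// associated data, so swapping in a different salt or nonce breaks the tag.
func Encrypt(password string, plaintext []byte) ([]byte, error) {
	header := make([]byte, saltLen+nonceLen)
	if _, err := rand.Read(header); err != nil { // fresh salt and nonce each time
		return nil, err
	}
	aead, err := aeadFor(password, header[:saltLen])
	if err != nil {
		return nil, err
	}
	return append(header, aead.Seal(nil, header[saltLen:], plaintext, header)...), nil
}

// Decrypt reverses Encrypt. A wrong password and a modified blob look the
// same by design: both fail the GCM tag check.
func Decrypt(password string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen {
		return nil, errors.New("blob too short")
	}
	header := blob[:saltLen+nonceLen]
	aead, err := aeadFor(password, header[:saltLen])
	if err != nil {
		return nil, err
	}
	plaintext, err := aead.Open(nil, header[saltLen:], blob[saltLen+nonceLen:], header)
	if err != nil {
		return nil, errors.New("wrong password or tampered data")
	}
	return plaintext, nil
}

func main() {
	note := []byte("constructed sample: scan of 2011 tax return") // not a real file
	blob, err := Encrypt("correct horse battery staple", note)
	fmt.Printf("ciphertext to upload: %d bytes (err=%v)\n", len(blob), err)
	back, err := Decrypt("correct horse battery staple", blob)
	fmt.Printf("decrypted: %q (err=%v)\n", back, err)
	_, err = Decrypt("wrong password", blob)
	fmt.Println("wrong password:", err)
}
```

Two design points matter for the "password is the weak point" caveat above. The iteration count makes each guess cost the attacker 600,000 HMAC computations, which only helps if the password was not in the first few million guesses anyway. And because GCM authenticates the data, a provider (or anyone who breaches it) cannot silently alter a stored file without the owner noticing on the next download.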

3. Use two-factor authentication

[Image: AWS’s Multi-Factor Authentication device]

Two-factor authentication means logging in requires something you know (username and password) plus something you have: a one-time code delivered to, or generated on, a device in your possession. For Google accounts that is usually an SMS message to a mobile phone, though it can also be an authenticator app that computes the code locally from a shared secret and the current time, so nothing has to be sent at all. For some banks, as well as for Amazon Web Services, it can be a hardware token built for the purpose. It can be a pain to always reach for another device while logging in, and someone without their device can be out of luck or in for a hassle if they need access, so print and file the backup codes that many services hand out at enrolment. SMS is the weakest of the three options, since a phone number can be ported or a message intercepted, but even SMS-based two-factor authentication is a big improvement over a password alone: an attacker who has only your password still can’t get in.
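An added example, not code from the original article, Google or AWS, of the time-based one-time password algorithm (TOTP, RFC 6238) that authenticator apps such as Google's and many dedicated tokens implement. It also shows the server-side check a practitioner actually wants: a one-step clock-skew window, a constant-time comparison, and a record of the last accepted step so that a code someone captured cannot be replayed. The shared secret is the published RFC 6238 test key, not a real credential, and the timestamps are from the RFC's test table.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// Added example, not code from the original article, Google or AWS: the
// time-based one-time password algorithm (TOTP, RFC 6238) that authenticator
// apps and most dedicated tokens implement, plus a server-side check that
// tolerates one step of clock skew and never accepts the same code twice.
// The secret below is the RFC 6238 test key, not a real credential.

const (
	codeDigits  = 6
	stepSeconds = 30
)

var testSecret = []byte("12345678901234567890")

// HOTP (RFC 4226): HMAC-SHA1 over the counter, dynamically truncated to a
// 31-bit integer, reduced to the requested number of decimal digits.
func HOTP(secret []byte, counter uint64, digits int) int {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	offset := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return int(code % mod)
}

// TOTP (RFC 6238): HOTP with the counter set to the number of 30-second steps
// since the Unix epoch. Phone and server both compute it; nothing is sent.
func TOTP(secret []byte, now time.Time, digits int) int {
	return HOTP(secret, uint64(now.Unix())/stepSeconds, digits)
}

// Verifier is the server side of the exchange. lastStep records the newest
// time step whose code was accepted, so a captured code cannot be replayed.
type Verifier struct {
	secret   []byte
	lastStep uint64
}

// Verify accepts the code for the current step or one step either side
// (phone clocks drift), but never for a step at or before the last accepted.
func (v *Verifier) Verify(code int, now time.Time) bool {
	cur := now.Unix() / stepSeconds
	for _, skew := range []int64{0, -1, 1} {
		s := uint64(cur + skew)
		if s <= v.lastStep {
			continue
		}
		if subtle.ConstantTimeEq(int32(HOTP(v.secret, s, codeDigits)), int32(code)) == 1 {
			v.lastStep = s
			return true
		}
	}
	return false
}

func main() {
	now := time.Unix(1234567890, 0)
	code := TOTP(testSecret, now, codeDigits)
	fmt.Printf("code at T=%d: %0*d\n", now.Unix(), codeDigits, code)
	v := &Verifier{secret: testSecret}
	fmt.Println("first use accepted:       ", v.Verify(code, now))
	fmt.Println("same code 5 s later:      ", v.Verify(code, now.Add(5*time.Second)))
	next := TOTP(testSecret, now.Add(stepSeconds*time.Second), codeDigits)
	fmt.Println("next code presented early:", v.Verify(next, now.Add(26*time.Second)))
}
```

The replay rule is what turns "a code is valid for 30 seconds" into "a code is valid once": without it, a keylogger or a phishing page that relays the code within the window gets in just as easily as with a plain password.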

4. If you need it, back it up

It’s a little strange that cloud services have become so prevalent we’re now talking about backing up data locally. Irony aside, it’s about the smartest thing anyone can do to make sure they always have their important data. External hard drives are cheap, as are third-party services designed specifically for backup, so there’s no excuse not to have multiple copies of anything you can’t afford to lose, with at least one copy somewhere an intruder who has taken over your account can’t reach (another service protected by the same password doesn’t count). Google even lets users download certain account data, which could ensure you never lose Gmail data. Whatever you use, restore a file from the backup once in a while: a backup you have never restored from is a hope, not a plan.

5. Delete it when it’s done

In an era of seemingly limitless online storage, it can be hard to accept that e-mail messages or files might outlive their usefulness. But anything sitting in your account is there for an intruder to read too: salacious messages, messages containing a credit card or Social Security number, and the password-reset e-mails and username/password reminders for other accounts. Those reminders are exactly what someone who has taken over your mailbox uses to take over everything else, so it’s smart to delete some stuff sometimes. Deleting isn’t instant, either: empty the trash, and bear in mind that the provider’s own backups may hold a copy for a while longer. If messages or other files really must exist ad infinitum, back them up (encrypted) before deleting them.

6. Don’t be a dummy

Just generally, be smart when doing stuff online. Run antivirus software and keep it updated; it won’t catch everything, but it does stop a lot of the keystroke loggers and other malware that hand an attacker your passwords. Keep your Wi-Fi network locked down with WPA2 and a strong passphrase (hiding the network name doesn’t help; it is trivially recovered by anyone listening). Don’t click on links or open attachments in suspicious e-mail messages, even when they appear to come from companies with which you do business; type the company’s address into the browser instead. If you end up on a site that looks sketchy, leave, whatever its domain. And don’t send anything remotely important over a network you don’t control, the conference Wi-Fi at Black Hat included, unless it travels over HTTPS or a VPN. You get the point.

Use a dedicated virtual machine for banking or any other secure task. Never browse the internet, open email, or execute any other task with it. Never do any secure task under an administrative account.

It is sad to see something like this happen, but I think this is the type of wake-up call that they needed to kick the complacent attitude about authentication and passwords. There continues to remain the need for more preventative measures to be put in place. For example many of the leading online storage providers are giving users the perfect balance between security and user experience by implementing 2FA which allows us to telesign into our accounts. I know some will claim that the verification process makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. I’m hoping that more providers start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.